The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Then there are Captchas and their bazillion varieties. I recommend against them because they're a pain to decipher for people and won't prevent spam either. Reduce some, yes. Hinder, no.

So, no matter what you do, nothing will be the perfect solution.

In the end, the best solution - to me - seems to be the one that is most user-friendly. So, either a direct email link or a contact form. That's more work for you but much kinder on us, the users of your site.

The only way to hide an email address is to use a contact form so that the email address can be added after the form is submitted. At least then the spammer can't capture the email address and when you start getting too much spam you change the weay the form works.

With an email address in HTML no matter how you try to hide it the spammers will eventually get it and once they have got it then the address will receive spam forever no matter what you do.

I like to use decimal character entities representing each letter. Like all the other options, you'll still get spam, but a lot of the simple bots can't convert the characters, while the browsers can and all your human visitors will see normal text. I do this for the href's url and the text inside the tag.

I first saw it on Anne van Kesteren's Limpid contact page and thought it just looked cool and geeky : )

Another thing you could use is Hivelogic's Javascript encryption tool.

That, however, won't help you prevent spam either.

Do you think it reduces spam, though? I've been wondering how effective solutions like this are. Do some bots just figure the email address out anyhow, or does a spammer have to cut and paste the email address manually?

I use a contact form whenever allowed to, but lately I've had people insisting on an email address, and for want of something better, I've been using either the Hivelogic method and Stomme poes' entity reference method, depending on the weather. The latter has the advantage of not depending on JavaScript.

Doesn't a contact form also need a destination that can been seen via View Source?

No it doesn't. When you use a contact form the email address can be added to the email by the server side script that processes the form content after it is submitted. That wat the email address is only in a file on the server that no visitor has access to view rather than it being in a file downloaded to the browser where it can be viewed.

Even where you want the person filling out the form to be able to select between multiple destinations you don't have to make those selections the actual email addresses, you can use anything there and do a conversion from those values to the appropriate email addresses on the server.

Do you think it reduces spam, though? I've been wondering how effective solutions like this are. Do some bots just figure the email address out anyhow, or does a spammer have to cut and paste the email address manually?

I use a contact form whenever allowed to, but lately I've had people insisting on an email address, and for want of something better, I've been using either the Hivelogic method and Stomme poes' entity reference method, depending on the weather. The latter has the advantage of not depending on JavaScript.

Yeah, it does reduce spam, but not considerably. At least that is the experience I've made. So far, nothing has really worked too well. Captchas and their kin is a virtual suicide of a website...or homicide, depending on perspective, so these are not options for me.

Would using Twitter to communicate with web visitors be a good substitute for web site emailing to customers?

Twitter certainly can be a useful way to communicate with visitors/customers, but I wouldn't rely on it for serious communications, though. Apart from the word limit, it can be an unreliable service. And you certainly wouldn't want to send messages to customers via Twitter instead of email, as those messages can easily be missed.

Regarding forms, the only downside I see is that people can mis-type their email address, meaning that you can't respond to their message. You can, of course, require them to type the email address twice, but that's a hassle. And a problem I've been seeing lately is that quite a few people don't actually know their email address. I had one chap who kept sending me messages with an email that contained his middle initial, when it turned out that his middle initial was not a part of his email address.

Yeah, it does reduce spam, but not considerably. At least that is the experience I've made. So far, nothing has really worked too well. Captchas and their kin is a virtual suicide of a website...or homicide, depending on perspective, so these are not options for me.

The advantage that a form has over an email link is that while a form can be used to send spam you can change the form whenever you want to try to reduce the spam - if captchas stop working you try using invisible input foelds for the spam to fill out but for your real visitors to ignore or you test the time the form is displayed for between the page being requested and submitted and reject any submissions that are too fast - and when they don't work you move on to something else. No matter how much spam gets through the form the spammer still doesn't have your address and so can only spam you through the form.

Once a spammer gets your email address from an email link on the page to send spam there is nothing you can do apart from delete the email address completely as they now have the address and nothing you can change stops them from having it.

Thanks for all of your replies. I guess we can all agree that you can only hope to reduce spam not eliminate it.

When we talk about spammers getting the email address, are we talking about individuals? Or some type of bot?

It seems it's a balancing act between making it convenient for the user/customer and making it inconvenient for the spammer.

Can you provide an opinion of this?:

A Contact Page, for example, from a ficticious website named web1.com:
-------
Please contact our support department by selecting the link below.

IN BOLD:
To help us keep spammers away,
please type (or copy/paste):

.web1.com

into our email address:

Code:

<a href="mailto:support@">Email Address</a>

Or simply use our Contact Form below.
--------
If the spammer is an individual he can spam you, but if it's some type of bot, will they get the email address in this example?

It's convenient for the user, and you don't have to worry about the user mis-typing his email address, you're giving his a choice between inconvenient and less inconvenient. It's fast and simple to select the link which will have support@ in the TO: line, and you can always/regularly change the link to support1@ or support2@, etc.., right?

Besides, isn't an individual spammer going to get your email address anyway if he waits for a reply from the Contact Form?

When we talk about spammers getting the email address, are we talking about individuals? Or some type of bot?

Both. Individuals (and groups of individuals) run bot networks and keep databases of email addresses they believe to be valid or living.

Also you have another issue (if you're a popular site): Mechanical Turks. I have no idea where the term comes from, but basically you get a network of people who solve captchas and other things bots have trouble with. Amazon has a Mechanical Turk service you can rent. Other times it's porn sites who ask visitors to answer some simple question to get to the porn. Since there are always people looking for porn, this way at least in the recent past was pretty effective: the people didn't know or care why they were answering silly questions, and with millions or billions of people answering them, it can match a spammer's number of active bots who are coming across the questions they can't answer.

Other Mech Turk networks are people actually filling in answers for a wage.